HP-UX Reference (11i v1 05/09) - 4 File Formats (vol 8)
authcap(4) authcap(4)
NAME
authcap - security databases for trusted systems
SYNOPSIS
/tcb/files/auth/*
/tcb/files/auth/system/*
DESCRIPTION
All security-relevant databases are stored in an ASCII format in the file system. This format is converted to
binary structures by support routines described in Section 3 manual entries. This manual entry describes
the format of these databases, and describes the philosophy of conversion into data structures.
Hierarchy Structure
The complete database resides in two hierarchies: /tcb/files/auth/* and /tcb/files. The
first hierarchy contains the Protected Password database, and has subdirectories with single letter names,
each of which is a starting letter for user names. Within each of these directories are regular files, each
containing an authcap(4) format file containing the Protected Password entry for a particular user. Thus,
all user names beginning with x have their respective authentication and identity information in a file in
directory /tcb/files/auth/x.
Directories within /tcb/files/auth/system and /tcb/files contain system-wide information.
Global system settings reside in directory /tcb/files/auth/system. Terminal and device assignment
files are located in directory /tcb/files.
The following database files reside in directory system:
default Default Control
The following database files reside in directory /tcb/files :
ttys Terminal Control
devassign Device Assignment
File Format
Each data file (/tcb/files/auth/system and /tcb/files) has the same format. Each file consists
of one virtual line, optionally split into multiple physical lines with the \ character present at the end
of all lines except the last. For example, the line
smk:u_name=smk:u_id#16:u_pwd=a78/a1.eitfn6:chkent:
can be split into:
smk:u_name=smk:u_id#16:\
	:u_pwd=a78/a1.eitfn6:\
	:chkent:
Note that all capabilities must be immediately preceded and followed with the : separator. Multiple line
entries require : at the end of each line and at the beginning of each continuation line in the entry.
Continuation lines are indented by a tab character. Multiple entries are separated by a new-line character that
is not preceded by a continuation character:
daa:u_name=daa:u_id#75:u_maxtries#9:chkent:
smk:u_name=smk:u_id#76:u_maxtries#5:chkent:
Line Format
The format of a line is briefly as follows:
name:cap1:cap2:cap3:...:capn:chkent:
The entry is referenced by the name. The end of the name part of the entry is terminated by the : character.
At the end of each entry is the chkent field. This is used as an integrity check on each entry. The authcap
routines reject all entries that do not contain the chkent terminator.
Each entry has 0 or more capabilities, each terminated with the : character. Each capability has a unique
name. Numeric capabilities have the format:
id#num
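Added example (not part of the HP-UX manual or its library routines): a small Python reader that applies the rules above, joining \ continuation lines, requiring the : separators and the chkent terminator, and converting id#num capabilities to integers. The function names are hypothetical; decimal numbers, values that contain no : character, and treating a bare capability name as a flag are assumptions of this sketch.

```python
# Added example: minimal reader for the entry format described above.
# Decimal numbers and ':'-free values are assumptions of this sketch.

class AuthcapError(ValueError):
    """Raised for an entry the format rules above would reject."""

def virtual_lines(text):
    """Join physical lines ending in '\\' into one virtual line per entry."""
    parts = []
    for raw in text.splitlines():
        line = raw.strip()                      # drops the tab indent
        if not line:
            continue
        if bool(parts) != line.startswith(":"):
            raise AuthcapError("':' must begin continuation lines only")
        more = line.endswith("\\")
        body = line[:-1] if more else line
        if not body.endswith(":"):
            raise AuthcapError("each physical line must end with ':'")
        parts.append(body)
        if not more:
            yield "".join(parts)
            parts = []
    if parts:
        raise AuthcapError("file ends inside a continued entry")

def parse_entry(virtual):
    """Return (name, {capability: value}); reject entries lacking chkent."""
    fields = [f for f in virtual.split(":") if f]   # '::' appears at joins
    if len(fields) < 2 or fields[-1] != "chkent":
        raise AuthcapError("missing chkent terminator")
    name, caps = fields[0], {}
    for field in fields[1:-1]:
        seps = [i for i in (field.find("#"), field.find("=")) if i > 0]
        if not seps:
            key, value = field, True            # bare name (assumed flag)
        else:
            cut = min(seps)
            key, value = field[:cut], field[cut + 1:]
            if field[cut] == "#":
                value = int(value)              # numeric capability: id#num
        if key in caps:
            raise AuthcapError("duplicate capability: " + key)
        caps[key] = value
    return name, caps

def parse_file(text):
    return dict(parse_entry(v) for v in virtual_lines(text))

SAMPLE = "daa:u_name=daa:u_id#75:\\\n\t:u_maxtries#9:\\\n\t:chkent:\n"  # constructed
```
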
HP-UX 11i Version 1: September 2005 − 1 − Hewlett-Packard Company Section 4−−27